switching

[Kostas Liakakis]

An ontos 0eleis bridge, yparxei ena sxetiko patch pou kykloforei, alla den
exo empeiria me auto.

Ypo0etontas oti auto pou 0es einai na apomonoseis ena subnet A apo olh thn
eiserxomenh kinhsh mporeis na baleis to mhxanaki pou 0es. Dyo kartes,
tsekarismena  ta:

network packet filtering
ta panta sto netfilter configuration (ektos experimental)
ip advanced router
   ip policy routing (kai ta dyo apo kato tou)
   ip use tos value as routing key (pote den 3ereis...)

Mhn 3exaseis to echo 1 > /proc/sys/net/ipv4/ip_forward

Bale default route sto idio to endiameso mhxanhma. An ta mhxanakia tou A
exoun default route kapou, alla3e to na deixnei ston endiameso sta0mo. To
idio me auta tou B. Mexri edo 0a prepei na mporeis na douleueis apo to A kai
B san na mhn yphrxei endiamesos.

Ok. Tora ta rules. Pare mia teleutaia ekdosh tou iptables kai kanthn
compile. Les paketa apo to A na phgainoun sto B alla oxi to anapodo. Ean to
B den mporei na steilei piso _apolytos_ tipote, tote na 3ereis mono UDP
paketa mporoun na perasoun me kateu0ynsh apo to A pros to B. Eso to A
192.168.1.0/24 kai to B 192.168.2.0/24

iptables -I FORWARD -p all -s 192.168.2.0/24 -d 192.168.1.0/24 -j REJECT

Me auto exoume kopsei ta panta apo to B sto A.
Me to iptables mporeis na 3ediale3eis thn kykloforia pou 0es poly pio kala
apo to parapano.
px anti gia to parapano mporeis na exeis:

iptables -I FORWARD -p tcp  ! --syn -s 192.168.2.0/24 -d 192.168.1.0/24 -j
ACCEPT
iptables -I FORWARD -p all -s 192.168.2.0/24 -d 192.168.1.0/24 -j REJECT

Me auta ta dyo, epitrepeis udp KAI tcp syndeseis apo to A sto B alla to B
den mporei na 3ekinhsei mia syndesh tcp pros to A.

Elpizo na sou edosa arketes idees :-)

-K.


"George Xilouris" <xilouris at iit.demokritos.gr> wrote in message
news:mailman.1003761431.32013.linux-greek-users at lists.hellug.gr...
> Pws mporw va sthsw eva mhxavhma poy 0a evwvei dyo ypodiktya (bridge)  alla
> 0a epitrepei movodromh syndesh dhladh ta paketa 0a phgaivouv apo to A sto
B
> kai oxi avapoda!!
>
>
> euxaristw.